crlrefresh - update and maintain system-wide CRL cache
crlrefresh command [command-args] [options]
crlrefresh r [options]
crlrefresh f URL [options]
crlrefresh F URI [options]
r Refresh the entire CRL cache
f Fetch a CRL from specified URL
F Fetch a Certificate from specified URL
crlrefresh refreshes and updates the cache of Certificate Revocation Lists (CRLs), which are
optionally used for verifying X.509 certificates.
CRLs have a validity from one day upwards.
crlrefresh fetches those which are, or will soon be, invalid, or specific CRLs and certificates, from the network.
The URL specified with f and F must be "http:" or "ldap:".
Typically run by cron.
Specify the time in days after a CRL has expired at which the CRL is deleted
from the CRL cache. The default is 10 days.
Specify the time in seconds prior to a CRL's expiration when a refresh action will attempt to
replace the CRL with a fresh copy.
Purge all entries from the CRL cache, ensuring refresh with fresh CRLs. Normally, CRLs whose
expiration date is more than expire_overlap past the current time are not refreshed.
Perform full cryptographic verification of all CRLs in the CRL cache. Normally this step is
only performed when a CRL is actually used to validate a certificate.
The full path to the CRL cache (which is always a keychain). The default is /var/db/crls/crl-
Provide verbose output during operation.
When fetching a CRL or certificate, specifies the destination to which the fetched entity will
be written. If this is not specified then the fetched entity is sent to stdout.
When fetching a CRL, this inhibits the addition of the fetched CRL to the system CRL cache.
Execute in verbose mode.
/var/db/crls/crlcache.db System CRL cache database
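
The stale-period and expire-overlap rules described above, modelled as an added example (this is not crlrefresh's own code). The 3600-second overlap value, the handling of the exact boundary instants, and the sample cache entries are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

STALE_PERIOD_DAYS = 10      # default given in the text above
EXPIRE_OVERLAP_SECS = 3600  # assumed value; the text gives no default


def classify_crl(next_update, now, stale_days=STALE_PERIOD_DAYS,
                 overlap_secs=EXPIRE_OVERLAP_SECS):
    """Return 'delete', 'refresh' or 'keep' for one cached CRL."""
    if now - next_update > timedelta(days=stale_days):
        return "delete"    # expired longer ago than the stale period
    if next_update - now <= timedelta(seconds=overlap_secs):
        return "refresh"   # expired, or expiring within the overlap window
    return "keep"          # expiration lies beyond the overlap window


def plan_refresh(cache, now, **policy):
    """Group cache entries (name -> expiration time) by the action they need."""
    plan = {"delete": [], "refresh": [], "keep": []}
    for name, next_update in sorted(cache.items()):
        plan[classify_crl(next_update, now, **policy)].append(name)
    return plan


# Constructed sample cache: issuer label -> CRL expiration time.
NOW = datetime(2024, 6, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE_CACHE = {
    "ca-stale":    NOW - timedelta(days=11),
    "ca-expired":  NOW - timedelta(days=2),
    "ca-expiring": NOW + timedelta(minutes=30),
    "ca-fresh":    NOW + timedelta(days=5),
}

if __name__ == "__main__":
    for action, names in plan_refresh(SAMPLE_CACHE, NOW).items():
        print(f"{action:8} {', '.join(names)}")
```

An expired CRL that is still inside the stale period stays in the cache and is only queued for refresh; it is deleted once the stale period has passed.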